Yaksas CSC

Red Team Operations Attack Lifecycle

Uday Mittal January 3, 2021

This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack.

The lifecycle consists of the following phases, with phases 3-6 being cyclic in nature:

  1. Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization.
  2. Initial Compromise (Foothold) – In this phase, information from the Recon phase is analysed to identify and exploit a vulnerability, or to launch a phishing attack, that helps in establishing a foothold within the target network.
  3. Privilege Escalation – In this phase, the attacker attempts to escalate privileges to an administrator (Windows) or root (Linux) account on the compromised host. Usually, this is done each time a new host is compromised.
  4. Establishing Persistence – In this phase, the attacker installs a persistence mechanism (usually a Command and Control (C2) agent) to maintain presence in the target network. This enables the attacker to communicate with compromised hosts without having to exploit them again in case the original connection dies out. Usually, this is done each time a new host is compromised.
  5. Internal Recon – In this phase, the attacker leverages the compromised host to gather information about the internal network. Usually, this is done each time a new host is compromised and is thought to have access to more resources. For example, if an attacker compromises an Active Directory domain-joined machine, they can use that machine to enumerate the Active Directory network.
  6. Lateral Movement – In this phase, the attacker tries to expand their access by compromising new hosts within the target network. The information collected during the Internal Recon phase is leveraged here.
  7. Data Analysis – As new hosts are compromised, the attacker scans each of them for interesting information (employee records, financial statements, PII, credit card information, customer databases etc.).
  8. Exfiltration – Anything that the attacker deems useful is pulled out and downloaded onto the attacker's machine (or their chosen location).
  9. Deleting footprints – Once the attacker has achieved their objective, they delete all files, logs, emails etc. created by them during the exercise to hide their presence.

Featured Image Source: Freepik.com

Uday Mittal

Uday Mittal is a cybersecurity professional with extensive experience working with various industries, including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Adversary Emulation Tagged With: Penetration Testing, red team

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress